Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/xmikos/setools-android

Unofficial port of setools to Android with additional sepolicy-inject utility included
https://github.com/xmikos/setools-android

Last synced: 17 days ago
JSON representation

Unofficial port of setools to Android with additional sepolicy-inject utility included

Host: GitHub
URL: https://github.com/xmikos/setools-android
Owner: xmikos
License: other
Created: 2014-12-16T23:23:34.000Z (almost 10 years ago)
Default Branch: master
Last Pushed: 2017-08-22T15:06:48.000Z (about 7 years ago)
Last Synced: 2024-10-13T00:57:19.948Z (about 1 month ago)
Language: C
Homepage:
Size: 856 KB
Stars: 247
Watchers: 26
Forks: 100
Open Issues: 7
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: COPYING

Awesome Lists containing this project

README

        ## Description

This is unofficial port of [setools][1] to Android with additional

[sepolicy-inject][2] utility by Joshua Brindle

Ported:

 * seinfo

 * sesearch

These tools allow to analyze SELinux/SEAndroid policy on an Android device.

Included:

 * sepolicy-inject

 

This tool injects allow rules into binary SELinux kernel policies.

[1]: http://oss.tresys.com/projects/setools

[2]: http://bitbucket.org/joshua_brindle/sepolicy-inject

## Building for Android

Ensure that you have installed _android-ndk_ properly. Then run:

    ndk-build

## Building for Linux

setools-android can be built for *nix platform as stand-alone binaries without

external dependencies. This build simplifies analysis of Android's sepolicy

after dumping it from a device.

    autoreconf -i

    ./configure

    make

    sudo cp ./seinfo ./sesearch ./sepolicy-inject /usr/local/bin  # optional

## Usage

    sepolicy-inject -s  -t  -c  -p [,,,...] [-P ] [-o ] [-l|--load]

    sepolicy-inject -Z type_to_make_permissive [-P ] [-o ] [-l|--load]

    sepolicy-inject -z type_to_make_nonpermissive [-P ] [-o ] [-l|--load]

For example if you want to allow _vdc_ to write to pseudo-terminal (so you can see replies from _vdc_ command):

    sepolicy-inject -s vdc -t devpts -c chr_file -p read,write -l

## Third-party code

This repository contains other opensource code:

 * regex (from OpenBSD)

 * bzip2

 * libsepol

Based on [pasis/setools-android][3] by Dmitry Podgorny (pasis) and

[xmikos/setools-android][4] by Michal Krenek (Mikos)

[3]: https://github.com/pasis/setools-android

[4]: https://github.com/xmikos/setools-android